DOCSLIB.ORG

Cracking Salted Hashes

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Garage 4 Hackers http://www.garage4hackers.com Cracking Salted Hashes Web Application Security: - The Do’s and Don’ts of “Salt Cryptography” Overview: Data Base security has become more critical as Databases have become more open. And Encryption which is one among the five basic factors of data base security. It’s an insecure practice to keep your sensitive data like Password, Credit Card no etc unencrypted in you database. And this paper will cover the various Cryptography options available and do and don’ts of them. Even if you have encrypted your data that doesn’t mean that your data’s are fully secured, and this paper will be covered in an Attacker perspective. Slat Cryptography. http://en.wikipedia.org/wiki/Salt_(cryptography) Assume a user’s hashed password is stolen and he is known to use one of 200,000 English words as his password. The system uses a 32-bit salt. The salted key is now the original password appended to this random 32-bit salt. Because of this salt, the attacker’s pre-calculated hashes are of no value (Rainbow table fails). He must calculate the hash of each word with each of 232 (4,294,967,296) possible salts appended until a match is found. The total number of possible inputs can be obtained by multiplying the number of words in the dictionary with the number of possible salts: 2^{32} \times 200 000 = 8.58993459 \times 10^{14} To complete a brute-force attack, the attacker must now compute almost 900 trillion hashes, instead of only 200,000. Even though the password itself is known to be simple, the secret salt makes breaking the password increasingly difficult. Well and salt is supposed to be secret, to be simple if the attacker knows what salt is used then we would be back again to step one. So below listed are few possible ways you could use to crack salted hashes. FB1H2S http://www.fb1h2s.com Page 1 Garage 4 Hackers http://www.garage4hackers.com Application that doesn’t use cryptography hashes: While auditing a web application I came across this piece of program. It used java script to encrypt the user password before sending. And a salt too was used, and the salt used was the current Session ID. onclick="javascr ipt:document.frm.id.value='user '; document.frm.passwd.value='value'; this.form.passwd.value=(hex_md5('CC6AB28BA9FAD121184B09E00F1DD6E7'+this.form.passwd.value)); this.form.submit(); Where “CC6AB28BA9FAD121184B09E00F1DD6E7”. So In the Back End program: There would be no way for the back end program to verify the password value, as the salt is used and is the random session id. And as MD5 function are non reversible hash function, the password cannot be verified unless and until the passwords are saved as clear text in the Data Base. The salt used to encrypt the password before sending were the random generated session ids. That means that the back end databases are no way encrypted. Some time these kinds of coding gives away a lot of information. Point NO 1: Always encrypt and save your passwords database. Slated Hashes. I recently came across a huge Data Base of a well known !@#$$il[Encrypted] ☺, the Database contained Email-Ids and there alternate passwords, but unfortunately the passwords were encrypted and was in hashed format, “Good Practice”. So the following paper would be in respect to how I cracked those hashes. Cracking The Hashes: The few possible way to crack hashed passwords are: 1) The algorithm used for hashing should have some flaws and hashes should be reversible 2) Or that you will have to Brute force the hashes with a wordlist of Dictionary or Rainbow tables. 3) Or simply if you have UPDATE Privileges on that Data Base Update it with a know password’s hash value. For all of these attacks to work you need to know what algorithm the hashes are computed on. FB1H2S http://www.fb1h2s.com Page 2 Garage 4 Hackers http://www.garage4hackers.com So what is that you could do to figure out the Hashing Algorithm used?? Answer: All algorithms generate a fixed length hash value, so based on the Output you could estimate what algorithm was used ☺. “Well all these things are pretty know facts “, but Still am putting it here. For this am putting here a small Cheat sheet for figuring out the Hash functions based on the output. Language: PHP ASP JAVA Algorithm: Function: md5(“input”); Function: Function: java.secur Hash(“input”); System.Security.Cryptogr ity.MessageDigest MD5 aphy Output: 32 Char Output: 32 Char Output: 32 Char Ex: Ex: “5f4dcc3b5aa765d61d8327d “5f4dcc3b5aa765d61d8327d Ex: eb882cf99” eb882cf99” “5f4dcc3b5aa765d61d 8327deb882cf99” Function: Crypt() “ “ “ “ Salt+Crypto By default its DES Output: 13 Char Ex: “sih2hDu1acVcA” And lot others: Original Source: http://www.insidepro.com/eng/passwordspro.shtml FB1H2S http://www.fb1h2s.com Page 3 Garage 4 Hackers http://www.garage4hackers.com FB1H2S http://www.fb1h2s.com Page 4 Garage 4 Hackers http://www.garage4hackers.com FB1H2S http://www.fb1h2s.com Page 5 Garage 4 Hackers http://www.garage4hackers.com Well hope this reference table might be of help for you some time. And out these the hashes I had to crack where “13 Chars” hashes. So it was obvious form my table that It was based on Php Crypt function. A simple walk through of of the Php crypt function: 1) It’s is a hash algorithm which takes in a “String” and a “salt” and encrypts the hashes. 2) And by default it uses “DES” to encrypt hashes. FB1H2S http://www.fb1h2s.com Page 6 Garage 4 Hackers http://www.garage4hackers.com Consider the Ex: <?php $password = crypt ('password' ); ?> Hashes: laAsfestWEiq1 Here password hashes generated would be on basis of a random 2 digit salt. Or we could provide our on salt. <?php $password = crypt ('password',’salt’ ); ?> Hashes: sih2hDu1acVcA And the comparison password verification code would be as follows: if (crypt ($user_password , $password ) == $password ) { echo "Correct Password"; } ?> In either of the cases the salt is appended with the Hashes, property of DES. Well as I mentioned above the security of salt cryptography is on the fact that the salt is unknown to the cracker. But here it’s not. Well with this basic piece of Information, it was easy to crack hashes that I had in my hands ☺. And all the hashes were cracked easily, all I have to do was load a common passwords dictionary and add it with the constant salt, and get my work done. FB1H2S http://www.fb1h2s.com Page 7 Garage 4 Hackers http://www.garage4hackers.com Consider the given Hash/salt programs with the following cases. Salt/Hash algorithm with Constant Salt: $password = $password_input ; //user input $salt = "salted" ; $password = md5($salt.$password); // saved in db md5(saltedpassword) Hashes: 1423de37c0c1b63c3687f8f1651ce1bf Salt: salted In this program a constant salt is used therefore the salt is not saved in the database. So our dumped hashes won’t be having the salt value. For verifying such algorithms we need to try the following things. 1) Try to create a new user using the target application. 2) Dump the data again and verify what algorithm is used using the above mentioned methods. 3) Consider the new password added was “password” md5(‘password’)== “5f4dcc3b5aa765d61d8327deb882cf99”, instead if the updated value was “1423de37c0c1b63c3687f8f1651ce1bf ” that says a salt is used and is a constant one as it don’t seem to be added with the final hashes. Cracking the salt: Now for breaking this, the only thing you could do is a bruteforce the hashes for figuring out what the salt is, for ex: And once we know the salt append it with every password we check and crack it. We know : Md5(‘password’) == “5f4dcc3b5aa765d61d8327deb882cf99” Now question is Md5(‘password’ + “????WHAT????”) === “1423de37c0c1b63c3687f8f1651ce1bf ” FB1H2S http://www.fb1h2s.com Page 8 Garage 4 Hackers http://www.garage4hackers.com Note: Never use a constant salt for all hashes: “If same constant salt is used for all hashes then it would be easy to crack all hashes” So Point NO 2: If your PHP application is storing Sensitive values and you want to encrypt and store its salted hashes then Crypt() function is not the right option nor depending on any constant salt functions is the right choice . Salt/Hash algorithm with Random Salt: If random salt is used for each hash, which is necessary for application whose source is publicly available, then it would be necessary to store the salt along with the hashes. That gives it a –ve point because it’s possible to extract the salt for the hashes. But + point is, that cracker need to build hash tables with each salt for cracking each hash. This makes it hard to crack multiple hashes at a time. But still possible to crack the selected hashes, consider the admin one. Consider the example: $password = $rand(5) ; //user input $salt = "salted" ; $password = md5($salt.$password) ; //saved in db md5(saltedpassword) Hashes: 6f04f0d75f6870858bae14ac0b6d9f73:14357 (Hash:Salt) Salt: 14357 We could extract the salt, but as different hash will be having a different salt, it’s impossible to crack all hashes at a stretch. But it would be back again dependent on how good the passwords are. At similar situations a Dictionary attack on the hashes would be the only possibility. Or else we need a better Cracking program, which provides distributed cracking process. Rainbow tables rocks not because it has got all possible values hashes, but because “Searching” algorithm is faster. FB1H2S http://www.fb1h2s.com Page 9 Garage 4 Hackers http://www.garage4hackers.com Consider. Rainbow tables check searching [Fast] Brute Force Read a value Append salt Compute hashes Compare [slow] This property makes the attack slow even if we know the salt.
Recommended publications
  • GPU-Based Password Cracking on the Security of Password Hashing Schemes Regarding Advances in Graphics Processing Units

    GPU-Based Password Cracking on the Security of Password Hashing Schemes Regarding Advances in Graphics Processing Units

    Radboud University Nijmegen Faculty of Science Kerckhoffs Institute Master of Science Thesis GPU-based Password Cracking On the Security of Password Hashing Schemes regarding Advances in Graphics Processing Units by Martijn Sprengers [email protected] Supervisors: Dr. L. Batina (Radboud University Nijmegen) Ir. S. Hegt (KPMG IT Advisory) Ir. P. Ceelen (KPMG IT Advisory) Thesis number: 646 Final Version Abstract Since users rely on passwords to authenticate themselves to computer systems, ad- versaries attempt to recover those passwords. To prevent such a recovery, various password hashing schemes can be used to store passwords securely. However, recent advances in the graphics processing unit (GPU) hardware challenge the way we have to look at secure password storage. GPU's have proven to be suitable for crypto- graphic operations and provide a significant speedup in performance compared to traditional central processing units (CPU's). This research focuses on the security requirements and properties of prevalent pass- word hashing schemes. Moreover, we present a proof of concept that launches an exhaustive search attack on the MD5-crypt password hashing scheme using modern GPU's. We show that it is possible to achieve a performance of 880 000 hashes per second, using different optimization techniques. Therefore our implementation, executed on a typical GPU, is more than 30 times faster than equally priced CPU hardware. With this performance increase, `complex' passwords with a length of 8 characters are now becoming feasible to crack. In addition, we show that between 50% and 80% of the passwords in a leaked database could be recovered within 2 months of computation time on one Nvidia GeForce 295 GTX.
  • Hash Functions

    Hash Functions

    Hash Functions A hash function is a function that maps data of arbitrary size to an integer of some fixed size. Example: Java's class Object declares function ob.hashCode() for ob an object. It's a hash function written in OO style, as are the next two examples. Java version 7 says that its value is its address in memory turned into an int. Example: For in an object of type Integer, in.hashCode() yields the int value that is wrapped in in. Example: Suppose we define a class Point with two fields x and y. For an object pt of type Point, we could define pt.hashCode() to yield the value of pt.x + pt.y. Hash functions are definitive indicators of inequality but only probabilistic indicators of equality —their values typically have smaller sizes than their inputs, so two different inputs may hash to the same number. If two different inputs should be considered “equal” (e.g. two different objects with the same field values), a hash function must re- spect that. Therefore, in Java, always override method hashCode()when overriding equals() (and vice-versa). Why do we need hash functions? Well, they are critical in (at least) three areas: (1) hashing, (2) computing checksums of files, and (3) areas requiring a high degree of information security, such as saving passwords. Below, we investigate the use of hash functions in these areas and discuss important properties hash functions should have. Hash functions in hash tables In the tutorial on hashing using chaining1, we introduced a hash table b to implement a set of some kind.
  • Modern Password Security for System Designers What to Consider When Building a Password-Based Authentication System

    Modern Password Security for System Designers What to Consider When Building a Password-Based Authentication System

    Modern password security for system designers What to consider when building a password-based authentication system By Ian Maddox and Kyle Moschetto, Google Cloud Solutions Architects This whitepaper describes and models modern password guidance and recommendations for the designers and engineers who create secure online applications. A related whitepaper, Password security ​ for users, offers guidance for end users. This whitepaper covers the wide range of options to consider ​ when building a password-based authentication system. It also establishes a set of user-focused recommendations for password policies and storage, including the balance of password strength and usability. The technology world has been trying to improve on the password since the early days of computing. Shared-knowledge authentication is problematic because information can fall into the wrong hands or be forgotten. The problem is magnified by systems that don't support real-world secure use cases and by the frequent decision of users to take shortcuts. According to a 2019 Yubico/Ponemon study, 69 percent of respondents admit to sharing passwords with ​ ​ their colleagues to access accounts. More than half of respondents (51 percent) reuse an average of five passwords across their business and personal accounts. Furthermore, two-factor authentication is not widely used, even though it adds protection beyond a username and password. Of the respondents, 67 percent don’t use any form of two-factor authentication in their personal life, and 55 percent don’t use it at work. Password systems often allow, or even encourage, users to use insecure passwords. Systems that allow only single-factor credentials and that implement ineffective security policies add to the problem.
  • Horner's Method: a Fast Method of Evaluating a Polynomial String Hash

    Horner's Method: a Fast Method of Evaluating a Polynomial String Hash

    Olympiads in Informatics, 2013, Vol. 7, 90–100 90 2013 Vilnius University Where to Use and Ho not to Use Polynomial String Hashing Jaku' !(CHOCKI, $ak&' RADOSZEWSKI Faculty of Mathematics, Informatics and Mechanics, University of Warsaw Banacha 2, 02-097 Warsaw, oland e-mail: {pachoc$i,jrad}@mimuw.edu.pl Abstract. We discuss the usefulness of polynomial string hashing in programming competition tasks. We sho why se/eral common choices of parameters of a hash function can easily lead to a large number of collisions. We particularly concentrate on the case of hashing modulo the size of the integer type &sed for computation of fingerprints, that is, modulo a power of t o. We also gi/e examples of tasks in hich strin# hashing yields a solution much simpler than the solutions obtained using other known algorithms and data structures for string processing. Key words: programming contests, hashing on strings, task e/aluation. 1. Introduction Hash functions are &sed to map large data sets of elements of an arbitrary length 3the $eys4 to smaller data sets of elements of a 12ed length 3the fingerprints). The basic appli6 cation of hashing is efficient testin# of equality of %eys by comparin# their 1ngerprints. ( collision happens when two different %eys ha/e the same 1ngerprint. The ay in which collisions are handled is crucial in most applications of hashing. Hashing is particularly useful in construction of efficient practical algorithms. Here e focus on the case of the %eys 'ein# strings o/er an integer alphabetΣ= 0,1,...,A 1 . 5he elements ofΣ are called symbols.
  • Implementation and Performance Analysis of PBKDF2, Bcrypt, Scrypt Algorithms

    Implementation and Performance Analysis of PBKDF2, Bcrypt, Scrypt Algorithms

    Implementation and Performance Analysis of PBKDF2, Bcrypt, Scrypt Algorithms Levent Ertaul, Manpreet Kaur, Venkata Arun Kumar R Gudise CSU East Bay, Hayward, CA, USA. [email protected], [email protected], [email protected] Abstract- With the increase in mobile wireless or data lookup. Whereas, Cryptographic hash functions are technologies, security breaches are also increasing. It has used for building blocks for HMACs which provides become critical to safeguard our sensitive information message authentication. They ensure integrity of the data from the wrongdoers. So, having strong password is that is transmitted. Collision free hash function is the one pivotal. As almost every website needs you to login and which can never have same hashes of different output. If a create a password, it’s tempting to use same password and b are inputs such that H (a) =H (b), and a ≠ b. for numerous websites like banks, shopping and social User chosen passwords shall not be used directly as networking websites. This way we are making our cryptographic keys as they have low entropy and information easily accessible to hackers. Hence, we need randomness properties [2].Password is the secret value from a strong application for password security and which the cryptographic key can be generated. Figure 1 management. In this paper, we are going to compare the shows the statics of increasing cybercrime every year. Hence performance of 3 key derivation algorithms, namely, there is a need for strong key generation algorithms which PBKDF2 (Password Based Key Derivation Function), can generate the keys which are nearly impossible for the Bcrypt and Scrypt.
  • Speeding up Linux Disk Encryption Ignat Korchagin @Ignatkn $ Whoami

    Speeding up Linux Disk Encryption Ignat Korchagin @Ignatkn $ Whoami

    Speeding Up Linux Disk Encryption Ignat Korchagin @ignatkn $ whoami ● Performance and security at Cloudflare ● Passionate about security and crypto ● Enjoy low level programming @ignatkn Encrypting data at rest The storage stack applications @ignatkn The storage stack applications filesystems @ignatkn The storage stack applications filesystems block subsystem @ignatkn The storage stack applications filesystems block subsystem storage hardware @ignatkn Encryption at rest layers applications filesystems block subsystem SED, OPAL storage hardware @ignatkn Encryption at rest layers applications filesystems LUKS/dm-crypt, BitLocker, FileVault block subsystem SED, OPAL storage hardware @ignatkn Encryption at rest layers applications ecryptfs, ext4 encryption or fscrypt filesystems LUKS/dm-crypt, BitLocker, FileVault block subsystem SED, OPAL storage hardware @ignatkn Encryption at rest layers DBMS, PGP, OpenSSL, Themis applications ecryptfs, ext4 encryption or fscrypt filesystems LUKS/dm-crypt, BitLocker, FileVault block subsystem SED, OPAL storage hardware @ignatkn Storage hardware encryption Pros: ● it’s there ● little configuration needed ● fully transparent to applications ● usually faster than other layers @ignatkn Storage hardware encryption Pros: ● it’s there ● little configuration needed ● fully transparent to applications ● usually faster than other layers Cons: ● no visibility into the implementation ● no auditability ● sometimes poor security https://support.microsoft.com/en-us/help/4516071/windows-10-update-kb4516071 @ignatkn Block
  • Why Simple Hash Functions Work: Exploiting the Entropy in a Data Stream∗

    Why Simple Hash Functions Work: Exploiting the Entropy in a Data Stream∗

    Why Simple Hash Functions Work: Exploiting the Entropy in a Data Stream¤ Michael Mitzenmachery Salil Vadhanz School of Engineering & Applied Sciences Harvard University Cambridge, MA 02138 fmichaelm,[email protected] http://eecs.harvard.edu/»fmichaelm,salilg October 12, 2007 Abstract Hashing is fundamental to many algorithms and data structures widely used in practice. For theoretical analysis of hashing, there have been two main approaches. First, one can assume that the hash function is truly random, mapping each data item independently and uniformly to the range. This idealized model is unrealistic because a truly random hash function requires an exponential number of bits to describe. Alternatively, one can provide rigorous bounds on performance when explicit families of hash functions are used, such as 2-universal or O(1)-wise independent families. For such families, performance guarantees are often noticeably weaker than for ideal hashing. In practice, however, it is commonly observed that simple hash functions, including 2- universal hash functions, perform as predicted by the idealized analysis for truly random hash functions. In this paper, we try to explain this phenomenon. We demonstrate that the strong performance of universal hash functions in practice can arise naturally from a combination of the randomness of the hash function and the data. Speci¯cally, following the large body of literature on random sources and randomness extraction, we model the data as coming from a \block source," whereby each new data item has some \entropy" given the previous ones. As long as the (Renyi) entropy per data item is su±ciently large, it turns out that the performance when choosing a hash function from a 2-universal family is essentially the same as for a truly random hash function.
  • Key Derivation Functions and Their GPU Implementation

    Key Derivation Functions and Their GPU Implementation

    MASARYK UNIVERSITY FACULTY}w¡¢£¤¥¦§¨ OF I !"#$%&'()+,-./012345<yA|NFORMATICS Key derivation functions and their GPU implementation BACHELOR’S THESIS Ondrej Mosnáˇcek Brno, Spring 2015 This work is licensed under a Creative Commons Attribution- NonCommercial-ShareAlike 4.0 International License. https://creativecommons.org/licenses/by-nc-sa/4.0/ cbna ii Declaration Hereby I declare, that this paper is my original authorial work, which I have worked out by my own. All sources, references and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source. Ondrej Mosnáˇcek Advisor: Ing. Milan Brož iii Acknowledgement I would like to thank my supervisor for his guidance and support, and also for his extensive contributions to the Cryptsetup open- source project. Next, I would like to thank my family for their support and pa- tience and also to my friends who were falling behind schedule just like me and thus helped me not to panic. Last but not least, access to computing and storage facilities owned by parties and projects contributing to the National Grid In- frastructure MetaCentrum, provided under the programme “Projects of Large Infrastructure for Research, Development, and Innovations” (LM2010005), is also greatly appreciated. v Abstract Key derivation functions are a key element of many cryptographic applications. Password-based key derivation functions are designed specifically to derive cryptographic keys from low-entropy sources (such as passwords or passphrases) and to counter brute-force and dictionary attacks. However, the most widely adopted standard for password-based key derivation, PBKDF2, as implemented in most applications, is highly susceptible to attacks using Graphics Process- ing Units (GPUs).
  • Passwords, Hashes, and Cracks, Oh My! How Mac OS X Implements Password Authentication Dave Dribin “Why Should I Care?”

    Passwords, Hashes, and Cracks, Oh My! How Mac OS X Implements Password Authentication Dave Dribin “Why Should I Care?”

    Passwords, Hashes, and Cracks, Oh My! How Mac OS X Implements Password Authentication Dave Dribin “Why Should I Care?” • Application Developer • System Administrator • End User Authentication • Authentication is the process of attempting to verify a user’s identity • Passwords authenticate using a “shared secret” History • Mac OS X based on NeXTSTEP • NeXTSTEP Unix on top of Mach • Unix developed by AT&T Bell Labs on DEC PDP-11 • Unix based on mainframe time-sharing systems UNIX Time-Sharing System Version 1 • Released in 1971 • First release of Unix as we know it • Plaintext passwords Plaintext Problems “Perhaps the most memorable [example] occurred in the early 60’s when a system administrator on the CTSS system at MIT was editing the password file and another system administrator was editing the daily message that is printed on everyone’s terminal on login. Due to a software design error, the temporary editor files of the two users were interchanged and thus, for a time, the password file was printed on every terminal when it was logged in.” -- Robert Morris and Ken Thompson, April 3,1978 Unix Versions 3, 4, 5, 6 • Released 1973 through 1975 • Encrypted Password • Password file is readable by all NAME passwd -- password file DESCRIPTION passwd contains for each user the following in- formation: name (login name, contains no upper case) encrypted password numerical user ID GCOS job number and box number initial working directory program to use as Shell This is an ASCII file. Each field within each user's entry is separated from the next by a colon.
  • Hash Functions

    Hash Functions

    11 Hash Functions Suppose you share a huge le with a friend, but you are not sure whether you both have the same version of the le. You could send your version of the le to your friend and they could compare to their version. Is there any way to check that involves less communication than this? Let’s call your version of the le x (a string) and your friend’s version y. The goal is to determine whether x = y. A natural approach is to agree on some deterministic function H, compute H¹xº, and send it to your friend. Your friend can compute H¹yº and, since H is deterministic, compare the result to your H¹xº. In order for this method to be fool-proof, we need H to have the property that dierent inputs always map to dierent outputs — in other words, H must be injective (1-to-1). Unfortunately, if H is injective and H : f0; 1gin ! f0; 1gout is injective, then out > in. This means that sending H¹xº is no better/shorter than sending x itself! Let us call a pair ¹x;yº a collision in H if x , y and H¹xº = H¹yº. An injective function has no collisions. One common theme in cryptography is that you don’t always need something to be impossible; it’s often enough for that thing to be just highly unlikely. Instead of saying that H should have no collisions, what if we just say that collisions should be hard (for polynomial-time algorithms) to nd? An H with this property will probably be good enough for anything we care about.
  • Forgery and Key Recovery Attacks for Calico

    Forgery and Key Recovery Attacks for Calico

    Forgery and Key Recovery Attacks for Calico Christoph Dobraunig, Maria Eichlseder, Florian Mendel, Martin Schl¨affer Institute for Applied Information Processing and Communications Graz University of Technology Inffeldgasse 16a, A-8010 Graz, Austria April 1, 2014 1 Calico v8 Calico [3] is an authenticated encryption design submitted to the CAESAR competition by Christopher Taylor. In Calico v8 in reference mode, ChaCha-14 and SipHash-2-4 work together in an Encrypt-then-MAC scheme. For this purpose, the key is split into a Cipher Key KC and a MAC Key KM . The plaintext is encrypted with ChaCha under the Cipher Key to a ciphertext with the same length as the plaintext. Then, the tag is calculated as the SipHash MAC of the concatenated ciphertext and associated data. The key used for SipHash is generated by xoring the nonce to the (lower, least significant part of the) MAC Key: (C; T ) = EncCalico(KC k KM ; N; A; P ); where k is concatenation, and with ⊕ denoting xor, the ciphertext and tag are calculated vi C = EncChaCha-14(KC ; N; P ) T = MACSipHash-2-4(KM ⊕ N; C k A): Here, A; P; C denote associated data, plaintext and ciphertext, respectively, all of arbitrary length. T is the 64-bit tag, N the 64-bit nonce, and the 384-bit key K is split into a 256-bit encryption and 128-bit authentication part, K = KC k KM . 2 Missing Domain Separation As shown above, the tag is calculated over the concatenation C k A of ciphertext and asso- ciated data. Due to the missing domain separation between ciphertext and associated data in the generation of the tag, the following attack is feasible.
  • Salting Vs Stretching Passwords for Enterprise Security

    Salting Vs Stretching Passwords for Enterprise Security

    Salting vs Stretching Passwords for Enterprise Security Password security is important. Salting and stretching a password are two ways to make passwords more secure from attackers. You can use the strategies separately or deploy them in tandem for the most security. This article covers the logic of password protection, including salting and stretching passwords. Database attacks Because passwords are a user’s key to their data, they are a key target for attackers. Popular methods of password attacks happen through brute force and rainbow attacks: Brute force attacks are a trial and error approach where a computer guesses until it gets it right. This may sound ineffective, but computers can try many, many times. In this era of computing, “Hashcat breaks an 8 character full coverage (a-zA-Z0-9!-=) password in 26 days on a single 1080 Nvidia GPU.” Rainbow attacks are another form of cracking passwords, where all possible combinations of hashed passwords are pre-computed and stored in a dictionary. Then, an attacker runs through their list of hashes to find a match. If their scan returns a match, then they have the password. Passwords help prevent attacks First things first: nothing online is perfectly secure. Not even computers not connected to the internet are perfectly secure. We use passwords to minimize risk of attack, not to guarantee it will never happen. Though you cannot guarantee security, there are some ways to increase database security. Salting and stretching passwords are two such strategies: 1. Salting passwords. Designing the password encryption so only one password is compromised rather than the whole database.